BYOD Best Practices

BYOD or “bring your own device” is a growing trend in the business world. More and more businesses, in an effort to attract top talent and boost employee morale and efficiency, are adopting BYOD policies. Here are some top ways that your business can implement its own BYOD policy.

Any BYOD policy has to have buy-in from across the company. Make sure that all parties – from IT to legal – are well aware of the policies surrounding “bring your own device” and are comfortable with what information may and may not be accessed from their personal devices.

With regard to IT, determine the types of incidents that IT will support. Part of the incentive for businesses to adopt BYOD programs is to alleviate some of the necessary expenditures. While it will be necessary for IT to provide support on some issues, the greater number of problems should be directly handled by the users’ service providers.

Ensure that the policy is legal and that eligibility is clearly defined with clear rules about joining, leaving or changing participation agreements. Require signatures on policy agreements from all those taking advantage of the program.

The business should dictate which devices are allowed in concert with the BYOD program to ensure that employees are using the devices that best meet their individual needs.

Have BYOD security strategies and policies in place in the event that an employee leaves or a device is lost or compromised. In the event of the latter, enabling remote wipe of the device is certainly valuable in maintaining information security. Certainly, when a sales person leaves the company and takes their device with them, they are essentially carrying all of their business contacts away from the enterprise. Ensure that policies are in place that address such an eventuality and protect the assets of the company.

Again, speaking to BYOD security, make sure the company executives’ devices are covered by the policy. Higher-ups have greater access to secure information.

Mobile devices feature an array of technologies. Implement policies governing what features are appropriate for use with the business. Again, with regard to security, you don’t want an employee with a smartphone inadvertently capturing on video details of some sensitive project. In addition, encryption and access control are necessary to any device where business-related data resides.

Consider covering some of the cost of device use. This will create greater buy-in from potential users and, in the long-run, could save the business some money in that it is not wholly responsible for providing the appropriate technologies to employees.

Another security concern, consider implementing a records management solution to ensure that all data – sensitive or otherwise – is managed properly. This might include partitioning data on the employee’s device so that personal information is kept separate from company data. Moreover, records management is a serious compliance requirement which should not be left to the individual user. A clear definition of what constitutes a business record should be provided as well as what data should be retained.

Be sure to monitor data usage – especially where reimbursement is to take place – to ensure that only authorized use is occurring.

Though bring your own device programs are the growing trends in the business world, it is imperative for companies to have clear policies in place that govern employees’ use of personal devices. BYOD is not a passing fad – it is here to stay – and an understanding of the best practices surrounding the program’s installation is crucial to ensuring the program’s effectiveness as well as its security.